https://bugzilla.kernel.org/show_bug.cgi?id=219104

            Bug ID: 219104
           Summary: A simple typo in kvm_main.c which will lead to erroneous memory access
           Product: Virtualization
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: kvm
          Assignee: virtualization_kvm@xxxxxxxxxxxxxxxxxxxx
          Reporter: zyr_ms@xxxxxxxxxxx
        Regression: No

It seems there is a rather simple typo in `virt/kvm/kvm_main.c`, function `kvm_clear_guest`.

// virt/kvm/kvm_main.c:#L3586
int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len)
{
        const void *zero_page = (const void *) __va(page_to_phys(ZERO_PAGE(0)));
        gfn_t gfn = gpa >> PAGE_SHIFT;
        int seg;
        int offset = offset_in_page(gpa);
        int ret;

        while ((seg = next_segment(len, offset)) != 0) {
                ret = kvm_write_guest_page(kvm, gfn, zero_page, offset, len);
                if (ret < 0)
                        return ret;
                offset = 0;
                len -= seg;
                ++gfn;
        }
        return 0;
}

The arg `len` of `kvm_write_guest_page(kvm, gfn, zero_page, offset, len)` should be `seg`. And this error will lead to clearing a lot of incorrect memory.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.
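To make the effect of the `len`/`seg` mix-up concrete, here is an added user-space model of the loop above; it is not kernel code and not part of the bug report. It assumes 4 KiB pages, models each guest page as its own buffer (a host mapping behind one gfn is not guaranteed to continue into the next), and uses the hypothetical helpers `write_guest_page`, `clear_guest`, `overrun_after` and `zeroed_after` as stand-ins for the KVM functions. `next_segment` reproduces the arithmetic of the kernel helper of the same name. Passing `seg` keeps every single-page write inside its page; passing `len` asks the first iterations to write far past the end of the page they were given.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of the loop in kvm_clear_guest(); not kernel code. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define NPAGES     8
#define offset_in_page(p) ((int)((p) & (PAGE_SIZE - 1)))

typedef uint64_t gpa_t;
typedef uint64_t gfn_t;

/* Each guest page is modelled on its own. Anything a single-page write tries
 * to place past PAGE_SIZE is counted as an overrun instead of being stored. */
static unsigned char guest[NPAGES][PAGE_SIZE];
static unsigned long overrun_bytes;

/* Same arithmetic as the kernel's next_segment(): bytes left in this page. */
static int next_segment(unsigned long len, int offset)
{
    if (len > PAGE_SIZE - offset)
        return (int)(PAGE_SIZE - offset);
    return (int)len;
}

/* Hypothetical stand-in for kvm_write_guest_page(): a single-page write.
 * The kernel function copies `len` bytes into the host mapping without
 * checking that they stay inside the page; this model clamps the copy to
 * the page and records the excess. */
static int write_guest_page(gfn_t gfn, const void *data, int offset, int len)
{
    if (gfn >= NPAGES || offset < 0 || (unsigned long)offset >= PAGE_SIZE || len < 0)
        return -EFAULT;
    if ((unsigned long)offset + (unsigned long)len > PAGE_SIZE) {
        overrun_bytes += (unsigned long)offset + (unsigned long)len - PAGE_SIZE;
        len = (int)(PAGE_SIZE - (unsigned long)offset);
    }
    memcpy(&guest[gfn][offset], data, (size_t)len);
    return 0;
}

/* The loop from the report. pass_seg = 1 passes `seg` (the fix),
 * pass_seg = 0 passes `len` (the typo). */
static int clear_guest(gpa_t gpa, unsigned long len, int pass_seg)
{
    static const unsigned char zero_page[PAGE_SIZE]; /* stands in for ZERO_PAGE(0) */
    gfn_t gfn = gpa >> PAGE_SHIFT;
    int offset = offset_in_page(gpa);
    int seg, ret;

    while ((seg = next_segment(len, offset)) != 0) {
        ret = write_guest_page(gfn, zero_page, offset, pass_seg ? seg : (int)len);
        if (ret < 0)
            return ret;
        offset = 0;
        len -= seg;
        ++gfn;
    }
    return 0;
}

static void run(gpa_t gpa, unsigned long len, int pass_seg)
{
    memset(guest, 0xAA, sizeof guest); /* non-zero fill so cleared bytes can be counted */
    overrun_bytes = 0;
    clear_guest(gpa, len, pass_seg);
}

/* Bytes that some single-page write tried to place beyond its page. */
unsigned long overrun_after(gpa_t gpa, unsigned long len, int pass_seg)
{
    run(gpa, len, pass_seg);
    return overrun_bytes;
}

/* Bytes of modelled guest memory that ended up zero. */
unsigned long zeroed_after(gpa_t gpa, unsigned long len, int pass_seg)
{
    unsigned long n = 0;
    run(gpa, len, pass_seg);
    for (size_t i = 0; i < sizeof guest; i++)
        n += ((unsigned char *)guest)[i] == 0;
    return n;
}

int main(void)
{
    /* Constructed request: 0x2000 bytes starting 256 bytes into gfn 1. */
    gpa_t gpa = 0x1100;
    unsigned long len = 0x2000;

    printf("with seg: zeroed=%lu overrun=%lu\n",
           zeroed_after(gpa, len, 1), overrun_after(gpa, len, 1));
    printf("with len: zeroed=%lu overrun=%lu\n",
           zeroed_after(gpa, len, 0), overrun_after(gpa, len, 0));
    return 0;
}
```

For the constructed request the correct variant zeroes exactly 0x2000 bytes with no overrun. With `len` passed instead, the first iteration hands a 3840-byte segment a 8192-byte write (4352 bytes past the page) and the second hands a full page a 4352-byte write (256 past), 4608 bytes in total that the real `__copy_to_user` would have placed into whatever host memory follows the page's mapping, which is the "incorrect memory" the report describes.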